In this project, the researchers will pursue new algorithmic and mathematical tools that may redesign the basic components of a new Internet architecture, starting from a clean slate, rather than finding incremental solutions, compatible to the legacy infrastructure. This approach will introduce rather radical and unconventional approaches. In fact, the work is inspired by the work that is done, almost entirely, outside of the networking community. Specifically, they plan to leverage a number of algorithmic breakthroughs in the fields of learning theory, combinatorial optimization, distributed computing, and online algorithms that provide a different perspective for designing many components of a new Internet architecture.
Since the topologies, traffic patterns, and application requirements on future clean-slate networks are highly uncertain at the moment, this suggests creating a technology-independent architecture of the future Internet, with the emphasis on solving basic intellectual challenges in a rigorous analytical way. The researchers will thus pursue a systematic study of technology-independent, theoretically-validated, and model-independent components of the future Internet architecture.
In this proposal, the researchers will focus on the basic architectural components, such as maintaining the Routing Metric and designing proper flow control mechanisms. These components must be capable of supporting heterogeneous resources allocation, including the wireless periphery. Additional important consideration is security: protecting the routing structure against Denial-of-Service (DoS) and potentially even Byzantine attacks. They issues are closely related to each other. For example flow control must ensure stability of distributed load sensitive re-routing which is essential for security.
Broader Impact: As a result of this work, the future Internet will be much more robust, both in terms of security and in terms of ability to support applications with quality of service guarantees. Many applications, e.g., medical teleconferencing, virtual classrooms, military applications and others will be enabled by new Internet architecture. These new applications will have broad impacts on society as a whole.
This project focused on the development of an alternative method of securing inter-domain routing information. The current S-BGP approach requires the development of a new infrastucture service (the resource PKI) and greatly increases the size of BGP messages by adding digital signatures to the messages. This research aimed to reduce the computational complexity and message overhead of S-BGP by performing authentication checks on the information carried within BGP messages outside of the BGP protocol itself. The Routing Information Verification Tool (RIVET) leverages the information already available in the Internet Routing Registry (IRR) to verify the routing information carried within BGP. We developed a digital signature attribute for IRR data which can protect the information shared within the IRR and allow consumers of that information to be confident in its correctness. With these digital signatures in place, networks can deploy RIVET servers which constantly monitor the information in the IRR and verify its correctness using the digital signatures. When a BGP router receives a BGP Update message, it can verify the prefix origin and the AS-Path attributes carried in that message by querying the RIVET server(s). When a query is received, the RIVET server searches its cache of verified information and returns the status to the requesting BGP router. The RIVET status can then be incorporated into the BGP decision process via the Local-Preference attribute, allowing the network operator to control the level of required authentication needed via BGP policy. The resulting experimentation carried out on RIVET demonstrate several key takeaways. First, the overall RIVET framework shows that prefix origin and AS-Path information can be verified out-of-band from BGP, reducing processing overhead, state machine complexity, and message/bandwidth overhead. Second, the IRR can be modified using the new digital signature attribute to function just as well as resource PKI. These benefits can be incorporated into the S-BGP approach to reduce the overhead and complexity of protecting one of the key infrastructures underpinning the Internet.
